2 Answers
2

Unless that PEM file actually contains the CA certificate for the client certificates you wish to grant access, this is incorrect; to provide apache with a certificate chain, use SSLCertificateChainFile instead.

Apache must have the actual certificate and any intermediate certificates used to sign/produce the endpoint certificate, up to and including a root certificate that is trusted by browsers.

Verify that you run the openssl command with the correct hostname to access your vhost, I'm assuming you have multiple vhosts for port 443 and the one that was defined in your distro's default setup takes precedence.